Archive for February 8, 2012

Wednesday, February 8, 2012

WSJ on Sandboxing

Jessica E. Vascellaro (via Jason Snell):

Mac developer Mark Munz, of Vancouver, Wash., says to comply with Apple’s new rules, he has to remove key features of his text-reformatting app TextSoap that integrate with other programs.

As a workaround, he’s working on a “helper app” that Mac App Store users could download separately to restore the extra functionality. “It sort of defeats the purpose of what sandboxing is about,” says Mr. Munz, who is president of Unmarked Software LLC.

Unfortunately, that approach isn’t an option if API bugs or omissions prevent core features of the application from working in the sandbox.

How iTunes Match Works for Copyright Holders

Jeff Price (via John Gruber):

A person has a song on her computer hard drive. She clicks on the song and plays it. No one is getting paid. The same person pays iTunes $25 for iMatch. She now clicks on the same song and plays it through her iMatch service. Copyright holders get paid.

Two interesting points here. First, you pay Apple a flat fee for the ability to download, whether or not you actually do; Apple pays the music labels each time you actually download. So Apple is playing the odds here, hoping that the average user won’t have more downloads than expected. Second, the labels get paid even if you’re just downloading a backup of music that you’d already bought on CD. I can see why Apple likes this, but it doesn’t seem like a good precedent for users.

The Real Paper

The Boston Phoenix says that The New York Times published a PDF of another newspaper’s article without obtaining permission (via Hacker News). However, I was unable to verify this because the paper of record has (apparently to avoid embarrassment) removed all references to said PDF.

Path Uploads Your Entire iPhone Address Book to Its Servers

In 2010, I wrote:

I don’t understand why iOS makes such a big deal about permission to access location data, when any random app, even one that shouldn’t need network access at all, can access my address book, photos, and clipboard and upload them to who-knows-where.

Yesterday, Arun Thampi wrote:

Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path. Now I don’t remember having given permission to Path to access my address book and send its contents to its servers, so I created a completely new “Path” and repeated the experiment and I got the same result – my address book was in Path’s hands.

John Gruber notes that the response from Path is not very satisfying. Is this really “currently the industry best practice”? See, for example, these questions from Matt Gemmell. There’s no automated way to get them to delete your data. Rule 17.1 of the App Store Review Guidelines seems to prohibit this sort of behavior without the user’s consent, yet Path has been in the curated App Store for over a year and Apple doesn’t seem to have noticed that it’s sending this information back to the server in cleartext. Now that the news has broken, Apple has neither pulled the app nor approved the update that asks users to opt in. As Peter Maurer says, “No technology will ever protect us from Trojan horses. Rules that destroy functionality are mere security theater.”
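An added check in that spirit (example code, not from the post or from Path): the inspection a monitoring proxy could run over a captured request to flag a bulk address-book upload like the one Thampi describes, reporting how many e-mail addresses and phone numbers the plist body carries and whether it travelled in cleartext. The request, host name and plist body are constructed sample data.

```python
import plistlib
import re

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}", re.I)
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{6,}\d")
CONTACT_KEYS = {"name", "first", "last", "email", "emails", "phone", "phones", "contacts"}

# Constructed capture of a hypothetical cleartext upload; not a real Path request.
CAPTURED_REQUEST = b"""POST /api/contacts HTTP/1.1\r
Host: api.example.invalid\r
Content-Type: application/x-plist\r
\r
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>contacts</key><array>
<dict><key>name</key><string>Alice Example</string>
<key>emails</key><array><string>alice@example.invalid</string></array>
<key>phones</key><array><string>+1 555 010 0001</string></array></dict>
<dict><key>name</key><string>Bob Example</string>
<key>phones</key><array><string>555-010-0002</string></array></dict>
</array></dict></plist>"""

def _leaves(node, out):
    """Collect every dictionary key and string value in a parsed plist."""
    if isinstance(node, dict):
        for key, value in node.items():
            out.append(str(key))
            _leaves(value, out)
    elif isinstance(node, list):
        for value in node:
            _leaves(value, out)
    elif isinstance(node, str):
        out.append(node)
    return out

def inspect_request(raw, scheme="http"):
    """Report contact data found in a request whose body is a plist."""
    _, _, body = raw.partition(b"\r\n\r\n")
    try:
        leaves = _leaves(plistlib.loads(body), [])
    except plistlib.InvalidFileException:  # body is not a plist at all
        return {"plist": False, "flag": False, "cleartext": scheme == "http"}
    emails = {s for s in leaves if EMAIL_RE.fullmatch(s)}
    phones = {s for s in leaves if PHONE_RE.fullmatch(s)}
    return {
        "plist": True,
        "emails": len(emails),
        "phones": len(phones),
        "contact_keys": sorted({s.lower() for s in leaves} & CONTACT_KEYS),
        "cleartext": scheme == "http",  # no TLS: readable by anyone on the path
        # Two or more identifiers looks like a bulk upload, not a login address.
        "flag": len(emails) + len(phones) >= 2,
    }
```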

Update (2012-02-08): The official response from Path:

We are deeply sorry if you were uncomfortable with how our application used your phone contacts.

That could have been phrased better. Also, Gawker quotes Path CEO Dave Morin, in November 2010:

Path does not retain or store any of your information in any way.

Good thing they will “continue to be transparent.”

Also, in 2010, Dave Winer noticed that something wasn’t right, but he’d forgotten about it until now.

Update (2012-02-09): Gawker:

The official version from Morin is that the statement was technically accurate, at the time he made it. He just changed his mind.

Peter Maurer links to this screenshot of Path’s new opt-in alert, noting that it isn’t very transparent. It just asks whether you want to invite your friends, without explaining what this entails for your personal data. However, Ole Zorn links to this screenshot in which the alert actually says “Path needs to send contacts to our server.”

Brent Simmons on Dustin Curtis’s “quiet understanding” that it’s OK to do this with people’s address books:

I know a ton of developers, and I’ve never, ever heard this.

Update (2012-02-10): In the comments, CF quotes Steve Jobs at D8:

We take privacy extremely seriously. That’s one of the reasons we have the curated apps store. We have rejected a lot of apps that want to take a lot of your personal data and suck it up into the cloud. Privacy means people know what they’re signing up for.

Update (2012-02-15): Dave Copeland:

But Twitter, as reported by the Los Angeles Times, seems to be the biggest name to make a revelation so far. The company told the newspaper it is making changes to make the policy clearer to users of its app. The current policy does not clearly state that Twitter downloads the entire address book of users who use the “Find Friends” feature on the app, including names, email addresses and phone numbers, and stores the data on its servers for 18 months.

Venture Beat (via Jason Kottke):

Facebook, Twitter, Foursquare, Instagram, Foodspotting, Yelp, and Gowalla all upload either your contacts’ phone numbers or email addresses to their servers for matching purposes. Some of these applications perform this action without first requesting permission or informing you how long they plan to store this data. Foodspotting is the worst of the bunch, as it appears to transmit your data over an unencrypted HTTP connection (in plain text), making it even easier for mischievous parties to intercept.

John Paczkowski:

“Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines,” Apple spokesman Tom Neumayr told AllThingsD. “We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release.”

Not mentioned: (1) the other types of personal data that apps can access without permission, and (2) the difference between letting the app access your address book and letting the app transmit it.